1. Logging in only once is easy.  Make the login page only appear if
Else, have it display a page saying you are already logged in.

2. SSL

3. If a session expires the user logs out and the session is destroyed.
That's why it's called expiration.

4. session_destroy() only destroys the session with the PHPSESSID that
matches the cookie on the users system.  In other words: no, unless both
users run session_destroy.

You're obviously new to this stuff.  PHP was made for ease of use in mind,
so most of your concerns are already addressed.  It would be extremely
difficult to use a session if any user logging out would log every other
user out.

Hope this helps, Aaron.
-----Original Message-----
From: Nhadie Ramos [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 28, 2008 10:05 AM
To: php-db@lists.php.net
Subject: [PHP-DB] session handling

hi all,

i'm a newbie and i really would like to be able to understand how session

for the scenario, i have customers with two users login to manage their
records (like adding their own customers). e.g. customer A has a username
customera1 and customera2,  customer B has customerb1 and customerb2.

when user logins, i add on the session accountcode $_SESSION['accountcode']
(which is the unique identifier for each customer). here are some of the
questions i have:

1. how can i make sure each user can login only one time?
2. if customera1 and customera2 are logged in at the same time and they  are
going to access the same data, how can i lock it to whoever had access to it
3. if a session expires, is there a way to automatically logout that user
and destroy the session?
4. if both a user in customer A and B are logged in, then user A logouts and
i have a script that call session_destroy(), will that also destroy the
session of customer B?

hope someone can help me.


Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to